nerdexam
Isaca

AAISM · Question #253

An organization decides to contract a vendor to implement a new set of AI libraries. Which of the following is MOST important to address in the master service agreement to protect data used during the

The correct answer is D. Right to audit. AAISM emphasizes that the right to audit is the most critical contractual safeguard when outsourcing AI services. This allows the contracting organization to independently verify that the vendor is applying appropriate protections to training data, meeting compliance obligations,

AI Security Risk Management

Question

An organization decides to contract a vendor to implement a new set of AI libraries. Which of the following is MOST important to address in the master service agreement to protect data used during the AI training process?

Options

  • AData pseudonymization
  • BContinuous data monitoring
  • CIndependent certification
  • DRight to audit

How the community answered

(46 responses)
  • A
    9% (4)
  • B
    4% (2)
  • C
    17% (8)
  • D
    70% (32)

Explanation

AAISM emphasizes that the right to audit is the most critical contractual safeguard when outsourcing AI services. This allows the contracting organization to independently verify that the vendor is applying appropriate protections to training data, meeting compliance obligations, and upholding privacy requirements. Pseudonymization is a technical method, monitoring is operational, and certifications provide external assurance, but none give the direct, enforceable oversight that audit rights provide. In vendor contracts, the right to audit is the primary safeguard for data protection and governance.

Topics

#Vendor risk management#Contractual agreements#Data protection#Right to audit

Community Discussion

No community discussion yet for this question.

Full AAISM Practice